Manual Chapter :
SSL Traffic Management
Applies To:
Show VersionsBIG-IP AAM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP APM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP Analytics
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP Link Controller
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP LTM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP PEM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP AFM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP DNS
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP ASM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
SSL Traffic Management
About SSL offload
When you want the BIG-IP system to process application traffic over SSL, you can configure the
system to perform the SSL handshake that destination servers normally perform. This ability for
the BIG-IP system to offload SSL processing from a destination server is an important feature of
the BIG-IP system.
In this release, TLS 1.3 is supported with RFC 8446.
The most common way to configure the BIG-IP system is to create a Client SSL profile, which
makes it possible for the BIG-IP system to decrypt client requests before sending them on to a
server, and encrypt server responses before sending them back to the client.
Within a Client SSL profile specifically, you can specify multiple certificate/key pairs, one
per key type. This enables the system to accept all types of cipher suites that a client might
support as part of creating a secure connection. The system then decrypts the client data,
manipulates any headers or payload according to the way that you configured the Client SSL
profile, and by default, sends the request in clear text to the target server for processing.
For those sites that require enhanced security on their internal network, you can configure a
Server SSL profile. With a Server SSL profile, the BIG-IP system re-encrypts the request before
sending it to the destination server. When the server returns an encrypted response, the BIG-IP
system decrypts and then re-encrypts the response, before sending the response back to the
client.
About client-side and server-side SSL
profiles
You can manage the way that the BIG-IP system processes SSL application traffic by configuring
two types of SSL profiles: A Client SSL profile, a Server SSL profile, or both. These profiles affect the
way that the system manages SSL traffic passing through the system.
When you configure Client
SSL or Server SSL profiles and assign them to a virtual server, the BIG-IP system
offloads SSL processing from the destination server. This offloading not only conserves resource on destination servers, but enables the BIG-IP system to
customize SSL traffic processing according to your configuration specifications.
Create a custom Client SSL profile
You create a custom Client SSL profile when you
want the BIG-IP system to terminate
client-side SSL traffic for the purpose of decrypting client-side ingress traffic and
encrypting client-side egress traffic. By terminating client-side SSL traffic, the
BIG-IP system offloads these decryption/encryption functions from the destination
server. When you perform this task, you can specify multiple certificate key chains, one
for each key type (RSA, DSA, and ECDSA). This allows the BIG-IP system to negotiate
secure client connections using different cipher suites based on the client's
preference.
At a minimum, you must specify a certificate key chain that
includes an RSA key pair. Specifying certificate key chains for DSA and ECDSA key
pairs is optional, although highly recommended.
- On the Main tab, click.The Client SSL profile list screen opens.
- ClickCreate.The New Client SSL Profile screen opens.
- In theNamefield, type a unique name for the profile.
- From theParent Profilelist, selectclientssl.
- Select theCustomcheck box.The settings become available for change.
- From theConfigurationlist, selectAdvanced.
- For theModesetting, select theEnabledcheck box.
- For theCertificate Key Chainsetting, clickAdd.
- From theCertificatelist, select a certificate name.This is the name of a certificate that you installed on the BIG-IP system. If you have not generated a certificate request nor installed a certificate on the BIG-IP system, and the BIG-IP system is not part of a device service clustering (DSC) configuration, you can specify the name of the existing certificate nameddefault.If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default certificate name, and ensure that this same certificate name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
- From theKeylist, select the name of the key associated with the certificate specified in the previous step.This is the name of a key that you installed on the BIG-IP system. If you have not installed a key on the BIG-IP system, and the BIG-IP system is not part of a device service clustering (DSC) configuration, you can specify the name of the existing key nameddefault.If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default key name, and ensure that this same key name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
- From theChainlist, select the chain that you want to include in the certificate key chain.A certificate chain can contain either a series of public key certificates in Privacy Enhanced Mail (PEM) format or a series of one or more PEM files. A certificate chain can contain certificates for Intermediate certificate Authorities (CAs).The default self-signed certificate and the default CA bundle certificate are not appropriate for use as a certificate chain.
- For thePassphrasefield, type a string that enables access to SSL certificate/key pairs that are stored on the BIG-IP system with password protection.This setting is optional. For added security, the BIG-IP system automatically encrypts the pass phrase itself. This pass phrase encryption process is invisible to BIG-IP system administrative users.
- ClickAdd.
- In theCertificate Key Chainsetting, clickAddagain, and repeat the process for all certificate key chains that you want to specify.At a minimum, you must specify an RSA certificate key chain.The result is that all specified key chains appear in the text box.
- To enable OCSP stapling, select theOCSP Staplingcheck box.To enable OCSP stapling, you must first create an OCSP Stapling profile. SeeCreating an OCSP stapling profilefor detailed steps.
- If you want toNotify Certificate Status to Virtual Server, select the check box.
- For theCipherssetting, specify a cipher group or cipher string by choosing one of these options.If you specified an ECDSA certificate key chain in theCertificate Key Chainsetting, you must include the cipher stringECDHE_ECDSAin the cipher group or cipher string that you specify in theCipherssetting. (At a minimum, you should specify a cipher group or string such asDEFAULT:ECDHE_ECDSA.) This is necessary to ensure successful cipher negotiation when the BIG-IP system is offered an ECDSA-based certificate only.OptionDescriptionCipher GroupSelect an existing cipher group from the list when you want to use a system-defined or custom cipher group to define the ciphers that the BIG-IP system uses for negotiating SSL connections. Here's an example of theCipherssetting where we've selected a custom cipher group that we created earlier.Cipher StringType a cipher string in the box if you want to manually specify a cipher string instead of selecting a cipher group. For security and performance reasons, consider following these recommendations:
- Always append ciphers to theDEFAULTcipher string.
- Type a cipher string that includes the ECC key type, because its shorter length speeds up encryption and decryption while still offering virtually the same level of security.
- Disable ADH ciphers but also include the keywordHIGH. To do this, just include both!ADHand:HIGHin your cipher string.
- For AES, DES, and RC4 encryption types, make sure you specify the DHE key exchange method. DHE usesForward Privacy, which creates a key that it throws away after each session so that the same session key never gets used twice. When you use DHE, make sure that the SSL private key isn't being shared with a monitoring system or a security device like an intrusion detection or prevention system. Also, diagnostic tools likessldumpwon't work when you're using Forward Secrecy.
- Disable EXPORT ciphers by including!EXPORTin the cipher string.
- If you can live with removing support for the SSLv3 protocol version, do it. This protocol version is not secure. Simply include:!SSLv3in any cipher string you type.
Here's an example of theCipherssetting where we have opted to manually type the cipher stringDEFAULT:ECDHE-RSA-AES-128-GCM-SHA256:!ADH:!EXPORT:HIGH: - Configure any other settings as needed.
- ClickFinished.
After performing this task, you can see the custom Client SSL profile in the list of
Client SSL profiles on the system.
By default, TLSv1.3 is disabled in
this configuration.
To use this profile, you must assign it to a
virtual server. See
Assigning SSL profiles to a virtual
server
for detailed information.Create a custom Server SSL profile
With a Server SSL profile, the BIG-IP system can perform decryption and encryption for server-side SSL traffic.
- On the Main tab, click.The Server SSL profile list screen opens.
- ClickCreate.The New Server SSL Profile screen opens.
- In theNamefield, type a unique name for the profile.
- From theParent Profilelist, selectserverssl.
- From theConfigurationlist, selectAdvanced.
- Select theCustomcheck box.The settings become available for change.
- From theCertificatelist, select the name of an SSL certificate on the BIG-IP system.If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default certificate name, and ensure that this same certificate name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
- From theKeylist, select the name of an SSL key on the BIG-IP system.If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default key name, and ensure that this same key name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
- In thePass Phrasefield, type a pass phrase that enables access to the certificate/key pair on the BIG-IP system.
- From theChainlist, select the name of an SSL chain on the BIG-IP system.
- For theCipherssetting, specify a cipher group or cipher string by choosing one of these options.If you specified an ECDSA certificate key chain in theCertificate Key Chainsetting, you must include the cipher stringECDHE_ECDSAin the cipher group or cipher string that you specify in theCipherssetting. (At a minimum, you should specify a cipher group or string such asDEFAULT:ECDHE_ECDSA.) This is necessary to ensure successful cipher negotiation when the BIG-IP system is offered an ECDSA-based certificate only.OptionDescriptionCipher GroupSelect an existing cipher group from the list when you want to use a system-defined or custom cipher group to define the ciphers that the BIG-IP system uses for negotiating SSL connections. Here's an example of theCipherssetting where we've selected a custom cipher group that we created earlier.Cipher StringType a cipher string in the box if you want to manually specify a cipher string instead of selecting a cipher group. For security and performance reasons, consider following these recommendations:
- Always append ciphers to theDEFAULTcipher string.
- Type a cipher string that includes the ECC key type, because its shorter length speeds up encryption and decryption while still offering virtually the same level of security.
- Disable ADH ciphers but also include the keywordHIGH. To do this, just include both!ADHand:HIGHin your cipher string.
- For AES, DES, and RC4 encryption types, make sure you specify the DHE key exchange method. DHE usesForward Privacy, which creates a key that it throws away after each session so that the same session key never gets used twice. When you use DHE, make sure that the SSL private key isn't being shared with a monitoring system or a security device like an intrusion detection or prevention system. Also, diagnostic tools likessldumpwon't work when you're using Forward Secrecy.
- Disable EXPORT ciphers by including!EXPORTin the cipher string.
- If you can live with removing support for the SSLv3 protocol version, do it. This protocol version is not secure. Simply include:!SSLv3in any cipher string you type.
Here's an example of theCipherssetting where we have opted to manually type the cipher stringDEFAULT:ECDHE-RSA-AES-128-GCM-SHA256:!ADH:!EXPORT:HIGH: - Configure any other settings as needed.
- ClickFinished.
After performing this task, you can see the custom Server SSL profile in the list of Server SSL profiles on the system.
By default, TLSv1.3 is disabled in
this configuration.
To use this profile, you must assign it to a
virtual server. See the
Assigning SSL profiles to a virtual
server
section for detailed information.Create a custom Client SSL profile that supports SM2
You create a custom Client SSL profile when you
want the BIG-IP® system to terminate client-side SSL traffic for the purpose of
decrypting client-side ingress traffic and encrypting client-side egress traffic. By
terminating client-side SSL traffic, the BIG-IP system offloads these
decryption/encryption functions from the destination server. When you perform this task,
you can specify multiple certificate key chains, one for each key type (RSA, DSA, and
ECDSA). This allows the BIG-IP system to negotiate secure client connections using
different cipher suites based on the client's preference.
F5 has
added SM2, SM3, and SM4 Cryptographic Algorithm support for the Chinese market. The
algorithms were independently developed by the China State Cryptography
Administration, where SM2 is the public key algorithm, SM3 is the hash algorithm,
and SM4 is the block cipher algorithm. SM2 is based on the Elliptic Curve Discrete
Logarithm Problem (ECDLP). Also see the following sections for details importing,
exporting, and managing a certificate and key with SM2 license.
Before you create a customer Client SSL profile that supports SM2, create an SM2
cipher rule and cipher group.
- Create an SM2 Cipher Rule
- On the Main tab, click.The Ciphers Rules screen opens.
- ClickCreate.The New Cipher Rule screen opens.
- In theNamefield, type a unique name for your SM2 cipher rule.
- In theCipher Suitesfield, type the following cipher suites string:ECC-SM4-SM3
- In theDH Groupsfield, type the following DH groups string:SM2P256
- In theSignature Algorithmsfield, type the following signature algorithm string:SM2-SM3
- ClickFinished. You are now ready to create a cipher group.
- Create an SM2 Cipher Group
- On the Main tab, click.The Ciphers Groups screen opens.
- ClickCreate.The New Cipher Group screen opens.
- In theNamefield, type a unique name for your SM2 cipher group.
- In theGroup Detailsarea, select the check box next to the SM2 cipher rule from theAvailable Ruleslist.
- Select the arrows next to theAllow the followingfield to move the selected SM2 cipher rule to this field.
- ClickFinished. You are now ready to create your custom Client SSL profile that supports SM2.
- Create a Custom Client SSL Profile that supports SM2
- On the Main tab, click.he Client SSL profile list screen opens.
- ClickCreate.The New Client SSL Profile screen opens.
- In theNamefield, type a unique name for the profile.
- From theParent Profilelist, selectclientssl.
- Select theCustomcheck box.The settings become available for change.
- From theConfigurationlist, selectAdvanced.
- For theModesetting, select theEnabledcheck box.
- or theCertificate Key Chainsetting, clickAdd. For SM2 client profile, selectSM2file type from the Certificate, Key, and Chain lists.
- From theCertificatelist, select a certificate name. // This is the name of a certificate that you installed on the BIG-IP system. If you have not generated a certificate request nor installed a certificate on the BIG-IP system, and the BIG-IP system is not part of a device service clustering (DSC) configuration, you can specify the name of the existing certificate named default. // Important: If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default certificate name, and ensure that this same certificate name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
- From theKeylist, select the name of the key associated with the certificate specified in the previous step. // This is the name of a key that you installed on the BIG-IP system. If you have not installed a key on the BIG-IP system, and the BIG-IP system is not part of a device service clustering (DSC) configuration, you can specify the name of the existing key named default. // Important: If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default key name, and ensure that this same key name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
- From theChainlist, select the chain that you want to include in the certificate key chain. // A certificate chain can contain either a series of public key certificates in Privacy Enhanced Mail (PEM) format or a series of one or more PEM files. A certificate chain can contain certificates for Intermediate certificate Authorities (CAs). // Note: The default self-signed certificate and the default CA bundle certificate are not appropriate for use as a certificate chain.
- For thePassphrasefield, type a string that enables access to SSL certificate/key pairs that are stored on the BIG-IP system with password protection. // This setting is optional. For added security, the BIG-IP system automatically encrypts the pass phrase itself. This pass phrase encryption process is invisible to BIG-IP system administrative users.
- ClickAdd
- For theCipherssetting, specify aCipher Groupand select the existingSM2custom cipher group to define the ciphers that the BIG-IP system uses for negotiating SSL connections.
- For theOptions Listsetting, select the following as Enabled Options:
- GMSSLv1.1
- No SSL
- No TLS
- No DTLS
- ClickFinished.
After performing this task, you can see the custom
Client SSL profile that supports SM2 in the list of Client SSL profiles on the
system.
Create a custom
Client SSL profile that supports C3D
You create a custom Client SSL profile when you
want the BIG-IP system to terminate
client-side SSL traffic for the purpose of decrypting client-side ingress traffic and
encrypting client-side egress traffic. By terminating client-side SSL traffic, the
BIG-IP system offloads these decryption/encryption functions from the destination
server. When you perform this task, you can specify multiple certificate key chains, one
for each key type (RSA, DSA, and ECDSA). This allows the BIG-IP system to negotiate
secure client connections using different cipher suites based on the client's
preference.
At a minimum, you must specify a certificate key chain that
includes an RSA key pair. Specifying certificate key chains for DSA and ECDSA key
pairs is optional, although highly recommended.
- On the Main tab, click.The Client SSL profile list screen opens.
- ClickCreate.The New Client SSL Profile screen opens.
- In theNamefield, type a unique name for the profile.
- From theParent Profilelist, selectclientssl.
- Select theCustomcheck box.The settings become available for change.
- From theConfigurationlist, selectAdvanced.
- For theModesetting, select theEnabledcheck box.
- For theCertificate Key Chainsetting, clickAdd.
- From theCertificatelist, select a certificate name.This is the name of a certificate that you installed on the BIG-IP system. If you have not generated a certificate request nor installed a certificate on the BIG-IP system, and the BIG-IP system is not part of a device service clustering (DSC) configuration, you can specify the name of the existing certificate nameddefault.If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default certificate name, and ensure that this same certificate name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
- From theKeylist, select the name of the key associated with the certificate specified in the previous step.This is the name of a key that you installed on the BIG-IP system. If you have not installed a key on the BIG-IP system, and the BIG-IP system is not part of a device service clustering (DSC) configuration, you can specify the name of the existing key nameddefault.If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default key name, and ensure that this same key name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
- From theChainlist, select the chain that you want to include in the certificate key chain.A certificate chain can contain either a series of public key certificates in Privacy Enhanced Mail (PEM) format or a series of one or more PEM files. A certificate chain can contain certificates for Intermediate certificate Authorities (CAs).The default self-signed certificate and the default CA bundle certificate are not appropriate for use as a certificate chain.
- For thePassphrasefield, type a string that enables access to SSL certificate/key pairs that are stored on the BIG-IP system with password protection.This setting is optional. For added security, the BIG-IP system automatically encrypts the pass phrase itself. This pass phrase encryption process is invisible to BIG-IP system administrative users.
- ClickAdd.
- In theCertificate Key Chainsetting, clickAddagain, and repeat the process for all certificate key chains that you want to specify.At a minimum, you must specify an RSA certificate key chain.The result is that all specified key chains appear in the text box.
- To enable OCSP stapling, select theOCSP Staplingcheck box.To enable OCSP stapling, you must first create an OCSP Stapling profile. SeeCreating an OCSP stapling profilefor detailed steps.
- If you want toNotify Certificate Status to Virtual Server, select the check box.
- For theCipherssetting, specify a cipher group or cipher string by choosing one of these options.If you specified an ECDSA certificate key chain in theCertificate Key Chainsetting, you must include the cipher stringECDHE_ECDSAin the cipher group or cipher string that you specify in theCipherssetting. (At a minimum, you should specify a cipher group or string such asDEFAULT:ECDHE_ECDSA.) This is necessary to ensure successful cipher negotiation when the BIG-IP system is offered an ECDSA-based certificate only.OptionDescriptionCipher GroupSelect an existing cipher group from the list when you want to use a system-defined or custom cipher group to define the ciphers that the BIG-IP system uses for negotiating SSL connections. Here's an example of theCipherssetting where we've selected a custom cipher group that we created earlier.Cipher StringType a cipher string in the box if you want to manually specify a cipher string instead of selecting a cipher group. For security and performance reasons, consider following these recommendations:
- Always append ciphers to theDEFAULTcipher string.
- Type a cipher string that includes the ECC key type, because its shorter length speeds up encryption and decryption while still offering virtually the same level of security.
- Disable ADH ciphers but also include the keywordHIGH. To do this, just include both!ADHand:HIGHin your cipher string.
- For AES, DES, and RC4 encryption types, make sure you specify the DHE key exchange method. DHE usesForward Privacy, which creates a key that it throws away after each session so that the same session key never gets used twice. When you use DHE, make sure that the SSL private key isn't being shared with a monitoring system or a security device like an intrusion detection or prevention system. Also, diagnostic tools likessldumpwon't work when you're using Forward Secrecy.
- Disable EXPORT ciphers by including!EXPORTin the cipher string.
- If you can live with removing support for the SSLv3 protocol version, do it. This protocol version is not secure. Simply include:!SSLv3in any cipher string you type.
Here's an example of theCipherssetting where we have opted to manually type the cipher stringDEFAULT:ECDHE-RSA-AES-128-GCM-SHA256:!ADH:!EXPORT:HIGH: - For the Client Authentication area, select theCustomcheck box.
- ForClient Certificatelist, specify whether you want toignore,require, orrequestthe client certificate authentication.
- If you are enabling C3D, from theTrusted Certificate Authoritieslist, you must select a trusted CA bundle.
- Select theCustomcheck box for the Client Certificate Constrained Delegation area.The settings become available for change.SeeAbout client certificate constrained delegationprior to enabling C3D.
- For theClient Certificate Constrained Delegationsetting, selectEnabled.
- From theOCSPlist, select the object that the BIG-IP system's SSL should use to connect to the OCSP responder and check the client certificate status.You can click the+icon to open the create-new OCSP object screen. SeeCreating an OCSP stapling profilefor detailed steps.
- For theUnknown OCSP Response Controllist, specify the action the system takes when the OCSP object returns an unknown status:
- If you want the connection to be dropped, retain the default valueDrop.
- If you want the connection to ignore the unknown status and continue, SelectIgnore.
- ClickFinished.
After performing this task, you can see the custom Client SSL profile in the list of
Client SSL profiles on the system.
To use this profile, you must assign it to a
virtual server. See
Assigning SSL profiles to a virtual
server
for detailed information.Create a custom
Server SSL profile that supports C3D
With a Server SSL profile, the BIG-IP system can perform decryption and encryption for
server-side SSL traffic.
For detailed information on how to complete the client
certificate constrained delegation (C3D) configuration and ensure that your custom
server SSL profile is set up properly, see
About client
certificate constrained delegation
before completing your custom profile
setup.- On the Main tab, click.The Server SSL profile list screen opens.
- ClickCreate.The New Server SSL Profile screen opens.
- In theNamefield, type a unique name for the profile.
- From theParent Profilelist, selectserverssl.
- From theConfigurationlist, selectAdvanced.
- Select theCustomcheck box.The settings become available for change.
- From theCertificatelist, select the name of an SSL certificate on the BIG-IP system.If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default certificate name, and ensure that this same certificate name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
- From theKeylist, select the name of an SSL key on the BIG-IP system.If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default key name, and ensure that this same key name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
- In thePass Phrasefield, type a pass phrase that enables access to the certificate/key pair on the BIG-IP system.
- From theChainlist, select the name of an SSL chain on the BIG-IP system.
- For theCipherssetting, specify a cipher group or cipher string by choosing one of these options.If you specified an ECDSA certificate key chain in theCertificate Key Chainsetting, you must include the cipher stringECDHE_ECDSAin the cipher group or cipher string that you specify in theCipherssetting. (At a minimum, you should specify a cipher group or string such asDEFAULT:ECDHE_ECDSA.) This is necessary to ensure successful cipher negotiation when the BIG-IP system is offered an ECDSA-based certificate only.OptionDescriptionCipher GroupSelect an existing cipher group from the list when you want to use a system-defined or custom cipher group to define the ciphers that the BIG-IP system uses for negotiating SSL connections. Here's an example of theCipherssetting where we've selected a custom cipher group that we created earlier.Cipher StringType a cipher string in the box if you want to manually specify a cipher string instead of selecting a cipher group. For security and performance reasons, consider following these recommendations:
- Always append ciphers to theDEFAULTcipher string.
- Type a cipher string that includes the ECC key type, because its shorter length speeds up encryption and decryption while still offering virtually the same level of security.
- Disable ADH ciphers but also include the keywordHIGH. To do this, just include both!ADHand:HIGHin your cipher string.
- For AES, DES, and RC4 encryption types, make sure you specify the DHE key exchange method. DHE usesForward Privacy, which creates a key that it throws away after each session so that the same session key never gets used twice. When you use DHE, make sure that the SSL private key isn't being shared with a monitoring system or a security device like an intrusion detection or prevention system. Also, diagnostic tools likessldumpwon't work when you're using Forward Secrecy.
- Disable EXPORT ciphers by including!EXPORTin the cipher string.
- If you can live with removing support for the SSLv3 protocol version, do it. This protocol version is not secure. Simply include:!SSLv3in any cipher string you type.
Here's an example of theCipherssetting where we have opted to manually type the cipher stringDEFAULT:ECDHE-RSA-AES-128-GCM-SHA256:!ADH:!EXPORT:HIGH: - In the same area of the screen, configure any other settings as needed.
- Select theCustomcheck box for the Server Authentication area of the screen.The settings become available for change.
- Change or retain the values for all Server Authentication settings as needed.
- If you intend to use OCSP stapling, then from theOCSPlist, select the OCSP object that the BIG-IP system's SSL should use to connect to the OCSP responder and to check the server certificate status. You can click the + icon to open the create-new OCSP object screen.The OCSP stapling object can be added in both forward and reverse proxy configurations. When the serverSSL Forward Proxyproperty is set toEnabled, the forward proxy OCSP object is used to validate and staple the web server's certificate status. When the serverSSL Forward Proxyproperty is set toDisabled, the reverse proxy OCSP object is used to reset the client connection if the web server certificate has been revoked.
- Select theCustomcheck box for the Client Certificate Constrained Delegation section.The settings become available for change.SeeAbout client certificate constrained delegationprior to enabling C3D.
- From theClient Certificate Constrained Delegationsetting, selectAdvanced.
- From theClient Certificate Constrained Delegationlist, selectEnabled.
- From theCA Certificatelist, select the name of the certificate file that is used as the certification authority certificate.
- From theCA Keylist, select the name of the key file that is used as the certification authority key.
- In theCA Passphrasefield, type the passphrase of the key file that is used as the certification authority key.This should be the passphrase corresponding to the specifiedCA Key.
- For theConfirm CA Passphrasefield, type the identical passphrase.
- For theCertificate Lifespanfields, type the lifespan of the certificate generated that is using the SSL client certificate constrained delegation.The default is1day,0hours.
- To define the extensions of the client certificates to be included in the generated certificates, from theCertificate Extensionslist, selectExtensions List.
- For theCertificate Extensions Listsetting, clickDisableorEnableto add or remove available extensions.
- Basic Constraints: Uses basic constraints to indicate whether the certificate belongs to a CA.
- Extended Key Usage: Uses Extended Key Usage, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.
- Key Usage: Provides a bitmap specifying the cryptographic operations that may be performed using the public key contained in the certificate; for example, it could indicate that the key should be used for signature but not for enciphering.
- Subject Alternative Name: Allows identities to be bound to the subject of the certificate. These identities may be included in addition to, or in place of, the identity in the subject field of the certificate.
You can also add extensions in theCustom extensionfield. Type in the extension name and clickAdd. - ClickFinished.
To use this profile, you must assign it to a
virtual server. See the
Assigning SSL profiles to a virtual
server
section for detailed information.Create a custom Server SSL profile that supports CRL
With a Server SSL profile,
the BIG-IP system can perform decryption and
encryption for server-side SSL traffic.
A certificate revocation
list (CRL) is a published list of revoked certificates issued and updated by the
certificate authority who signed them. Clients like your internet browser, will
check the certificate's CRL URI to find out if the certificate is valid. When a
certificate is revoked, the CRL is updated to reflect the revokation and published
accordingly. Lists are not the most efficient way to maintain a record of revocation
in high volume scenarios so some application vendors have deprecated their use in
favor of online certificate status protcol (OCSP). However, you still need a CRL
configuraiton as it is still a common scenario and recommended for backward
compatibility.
Before you create a customer Server SSL profile that supports CRL, you
must create either a configured DNS resolver or a configured BIG-IP LTM
pool.
- Create an internal proxy
- On the Main tab, click.The Internal Proxies screen opens.
- ClickCreate.The New Internal Proxy screen opens.
- In theNamefield, type a unique name for your internal proxy.
- Select theUse Proxy Servercheck box if you want to use theProxy Server Poolinstead ofDNS Resolver. TheProxy Server Poolis the LTM pool with one or multiple proxies for forwarding the CRL request to the CRL server. TheDNS Resolveris the internal DNS resolver the BIG-IP system uses to fetch the internal proxy response.
- From theDNS Resolverlist, select the internal DNS resolver the BIG-IP system uses to fetch the internal proxy response. This involves specifying one or more DNS servers in the DNS resolver configuration. Use this option when:
- There is a DNS server that can do the name-resolution of the internal proxy.
- The internal proxy can be reached on one of BIG-IP system's interfaces.
If you are not selecting a pre-existing DNS Resolver you can create one. Click+to define a new internal DNS resolver and then return to this screen. - From theProxy Server Poollist, select the LTM pool for forwarding the CRL request to the CRL server.
- From theRoute Domainlist, select the route domain for fetching an internal proxy using HTTP explicit proxy. It is common to have the Route Domain set to0. Click+to define a new route domain.You have now created an internal proxy and are ready to create a CRL configuration object.
- Create a CRL configuration object
- On the Main tab, click.The CRL screen opens.
- ClickCreate.The New CRL screen opens.
- In theNamefield, type a name that specifies the certificate revocation list.
- Specify if you want to selectStrict Revocation Checkto protect your configuration from accidental future changes. The Strict Revocation Check specifies whether the strict revocation check for the certificate revocation list is enable or disabled. If the check box is selected it enables the strict revocation check and keymgmtd waits for the c fetching/caching to complete. If it is disabled, keymgmtd immediately replies with certificate status that is unknown and starts to download/cache the certificate revocation list file.
- For theInternal Proxysection, selectInternal Proxy Listto define the CRL list that specifies the internal DNS resolver or a proxy server pool. Select either New Internal Proxy or Internal Proxy List to specify the internal proxy.
- ClickUpdate.You are now ready to create your custom Server SSL profile that supports CRL.
- Create a Custom Server SSL Profile that supports CRL
- On the Main tab, click.The Server SSL profile list screen opens.
- ClickCreate.The New Server SSL Profile screen opens.
- In theNamefield, type a unique name for the profile.
- From theParent Profilelist, selectserverssl.
- From theConfigurationlist, selectAdvanced.
- Select theCustomcheck box.The settings become available for change.
- From theCertificatelist, select the name of an SSL certificate on the BIG-IP system.If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default certificate name, and ensure that this same certificate name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
- From theKeylist, select the name of an SSL key on the BIG-IP system.If the BIG-IP system is part of a DSC Sync-Failover group, always select a non-default key name, and ensure that this same key name is specified in every instance of this SSL profile in the device group. Taking these actions helps to ensure that SSL handshakes are successful after a failover event.
- In thePass Phrasefield, type a pass phrase that enables access to the certificate/key pair on the BIG-IP system.
- From theChainlist, select the name of an SSL chain on the BIG-IP system.
- For theCipherssetting, specify a cipher group or cipher string by choosing one of these options.If you specified an ECDSA certificate key chain in theCertificate Key Chainsetting, you must include the cipher stringECDHE_ECDSAin the cipher group or cipher string that you specify in theCipherssetting. (At a minimum, you should specify a cipher group or string such asDEFAULT:ECDHE_ECDSA.) This is necessary to ensure successful cipher negotiation when the BIG-IP system is offered an ECDSA-based certificate only.OptionDescriptionCipher GroupSelect an existing cipher group from the list when you want to use a system-defined or custom cipher group to define the ciphers that the BIG-IP system uses for negotiating SSL connections. Here's an example of theCipherssetting where we've selected a custom cipher group that we created earlier.Cipher StringType a cipher string in the box if you want to manually specify a cipher string instead of selecting a cipher group. For security and performance reasons, consider following these recommendations:
- Always append ciphers to theDEFAULTcipher string.
- Type a cipher string that includes the ECC key type, because its shorter length speeds up encryption and decryption while still offering virtually the same level of security.
- Disable ADH ciphers but also include the keywordHIGH. To do this, just include both!ADHand:HIGHin your cipher string.
- For AES, DES, and RC4 encryption types, make sure you specify the DHE key exchange method. DHE usesForward Privacy, which creates a key that it throws away after each session so that the same session key never gets used twice. When you use DHE, make sure that the SSL private key isn't being shared with a monitoring system or a security device like an intrusion detection or prevention system. Also, diagnostic tools likessldumpwon't work when you're using Forward Secrecy.
- Disable EXPORT ciphers by including!EXPORTin the cipher string.
- If you can live with removing support for the SSLv3 protocol version, do it. This protocol version is not secure. Simply include:!SSLv3in any cipher string you type.
Here's an example of theCipherssetting where we have opted to manually type the cipher stringDEFAULT:ECDHE-RSA-AES-128-GCM-SHA256:!ADH:!EXPORT:HIGH: - In the same area of the screen, configure any other settings as needed.
- Select theCustomcheck box for the Server Authentication area of the screen.The settings become available for change.
- Change or retain the values for all Server Authentication settings as needed.
- From theCRLlist, select the CRL object that specifies the SSL client certificate constrained delegation CRL object that the BIG-IP system's SSL should use. You can click the+icon to open the create-new CRL object screen.
- From theCRL Filelist, select the name of a file containing a list of revoked server certificates.
- In theAllow Expired CRL Filefield, select the check box to instruct the system to use the specified CRL file even if it has expired. The default is disabled.
- Complete any other settings and clickFinished.
After performing this
task, you can see the custom Server SSL profile that supports CRL in the list of Server
SSL profiles on the system.
Assign SSL profiles to a virtual server
The final task in the process of implementing SSL profiles is to assign the SSL profile to a virtual server. If the relevant virtual server does not yet exist, you can assign the SSL profile (or profiles) to the virtual server when you create it.
- On the Main tab, click.The Virtual Server List screen opens.
- Click the name of a virtual server.
- From theConfigurationlist, selectAdvanced.
- For theSSL Profile (Server)setting, from theAvailablelist, select the name of the Server SSL profile you previously created and move the name to theSelectedlist.
- ClickUpdateto save the changes.
About BIG-IP cipher
support
The BIG-IP system includes a default cipher string named DEFAULT, which contains a subset of the cipher suites that the BIG-IP system supports.
The full set of cipher suites that the BIG-IP system supports are contained in the NATIVE cipher string. The cipher suites contained in both the DEFAULT and NATIVE cipher string are eligible for hardware acceleration.
The BIG-IP system supports a large set of cryptographic parameters that you can use to modify how the BIG-IP manages SSL/TLS connections.
For TLS 1.2 and TLS 1.3, you can configure all or some of the cryptographic
parameters:
- Ciphersuites.
- Key exchange algorithms, for example RSA, DH, or ECDHE.
- Signature algorithms, for example RSA or ECDSA.
- Encryption primitives, for example AES128 or CAMELLIA.
- Hash algorithms, for example SHA256.
- Message authentication codes, for example HMAC-SHA256 or HMAC-SHA384.
Glossary of cipher-related terms
The BIG-IP system supports many cryptographic parameters used to negotiate SSL/TLS connections. The following list will help you understand how these parameters are organized on the BIG-IP
system.
- Cipher Group
- A BIG-IP configuration object that specifies a list of cipher rules. The BIG-IP system offers several pre-built cipher groups, such asf5-default,f5-ecc, andf5-secure. You can use a pre-built cipher group or create a new custom cipher group. Cipher Groups can be associated with a Client or Server SSL profile's Cipher option to specify the allowed cryptographic parameters.
- Cipher rule
- A BIG-IP configuration object that specifies a list of cipher suites used to negotiate SSL/TLS connections. The BIG-IP system offers several pre-built cipher rules, such asf5-default,f5-ecc, andf5-secure. You can use a pre-built cipher rule or create a custom cipher rule. Cipher Rules are applied to Cipher Groups.
- Cipher string
- A BIG-IP named object that specifies a list of one or more cipher suites, for example DEFAULT or NATIVE. You can combine cipher strings to create the final cipher string that the BIG-IP system uses to negotiate SSL security parameters with another system. Cipher Strings can be associated with a Client or Server profile's Cipher option to specify the allowed cryptographic parameters.
- Cipher Suites
- A cipher suite is a combination of a key exchange method, authentication method, bulk encryption algorithm, and a message authentication code (MAC). The BIG-IP system uses cipher suites to negotiate the security parameters used to create SSL/TLS connections.
- Rule Audit
- The Rule Audit can be used when creating a custom Cipher Rule to display list of cipher suites contained in the cipher rule.
- Group Audit
- The Group Audit can be used when creating a custom Cipher Group, to display the list of cipher suites that will make up the final Cipher Group.
What is a cipher group?
A
cipher group
contains a list of cipher rules, and the instructions that the BIG-IP system needs for building the cipher string it will use for security negotiation. The instructions tell the system which cipher rules to include in the string, and how to apply them (allow, restrict, or exclude, and in what order).Pre-built cipher groups
The BIG-IP system offers a few pre-built cipher groups that you can choose from to use as is
to build your final cipher string, However, it's common to create your own custom cipher group
instead.
Custom cipher
groups
This illustration shows an example of a custom cipher group.
Using this cipher group, the BIG-IP system builds the final cipher string using a user-created
custom cipher rule named
/Common/my_ecdhe_rsa
and the pre-built cipher rule /Common/f5-default
.Notice that the system will exclude from the string any cipher suites defined in the pre-built
cipher rule
/Common/f5-hw_keys
.Also notice that the cipher group displays a preview of the final cipher
string after the instructions are applied.
To create a custom SM2 cipher group to use when
creating a custom client SSL profile that supports SM2, see the
Create a custom Client
SSL profile that supports SM2
section for task details. This section also provides
information on creating a custom SM2 cipher rule.About pre-built cipher groups
The BIG-IP system offers a set of pre-built cipher groups, with names containing the
prefix
f5-
. Note that in general, a cipher group
contains the cipher suites that you want to allow, restrict, or exclude when the system builds the cipher string used for SSL negotiation.A
pre-built cipher group
allows all cipher suites specified in a corresponding pre-built cipher rule to be included in the final cipher string that the BIG-IP system builds for SSL negotiation. A prebuilt cipher group does not restrict the allowed cipher suites in any way, nor does it exclude any cipher suites.This table lists and describes the pre-built cipher groups on the system.
Cipher group name | Description |
---|---|
f5-aes
| Allows all cipher suites specified in the pre-built cipher rule f5-aes . |
f5-default
| Allows all cipher suites specified in the pre-built cipher rule f5-default . |
f5-ecc
| Allows all cipher suites specified in the pre-built cipher rule f5-ecc . |
f5-hw_keys
| Allows all cipher suites specified in the pre-built cipher rule f5-hw_keys . |
f5-secure
| Allows all cipher suites specified in the pre-built cipher rule f5-secure . |
About custom cipher groups
This illustration shows an example of a custom cipher group. Using
this cipher group, the BIG-IP system builds the final cipher string using a user-created
custom cipher rule named
/Common/my_ecdhe_rsa
and the pre-built cipher rule /Common/f5-default
.Notice that the system will exclude from the string any cipher suites
defined in the pre-built cipher rule
/Common/f5-hw_keys
.Also notice that the cipher group displays a preview of the final
cipher string after the instructions are applied.
Building a custom
Cipher Group
Before starting this task, make sure you've confirmed the need to create a custom
cipher string instead of using a pre-built cipher group.
You build a final, custom cipher string by creating a cipher
group. A
cipher group
contains the cipher rules
and instructions that the BIG-IP system needs for building the cipher string it will
use for security negotiation with a client or server system. To create a custom SM2 cipher group to use when creating a custom client SSL
profile that supports SM2, see the
Create a custom Client SSL profile that
supports SM2
section for task details. This section also provides
information on creating a custom SM2 cipher rule.- On the Main tab, click.The screen displays a list of pre-built cipher groups.
- ClickCreate.
- In theNamefield, type a name for the cipher group.Never include the prefixf5-in a cipher rule name. This prefix is reserved for pre-built cipher groups only.
- If you created any custom rules, then in the Cipher Creation area of the screen in theAvailable Cipher Ruleslist, verify that the custom rules appear in the list.
- For each cipher rule in theAvailable Cipher Ruleslist, click the plus sign to view the cipher suites included in the rule.For example, this shows the cipher suites included in the pre-built cipher rule named/Common/f5-ecc.
- In theAvailable Cipher Ruleslist, select the boxes for the cipher rules you want to allow for negotiating security for SSL connections.We strongly recommend that you select the cipher rule/Common/f5-default, and for added security, select other cipher rules, too.Here's an example of a list of available cipher rules that you might see within a cipher group. Notice that we've selected both a pre-built cipher rule and a custom cipher rule:
- In theGroup Detailssetting, move the selected cipher rules to theAllow the followingbox.Here we see that we're instructing the BIG-IP system to allow, during security negotiation, the cipher suites contained in the selected cipher rules:
- Again from theAvailable Cipher Ruleslist, select the boxes for the cipher rules you want to restrict the allowed cipher rules to when negotiating security for SSL connections.
- Move the selected cipher rules to theRestrict the Allowed list to the followingbox.
- If you want to exclude any cipher rules from the allowed list, then from theAvailable Cipher Ruleslist, select the boxes for the rules you want to exclude.
- Move the selected cipher rules to theExclude the following from the Allowed listbox.
- From theOrderlist, select the order that you want the BIG-IP system to use when negotiating SSL connections.The choices are:Default,Speed,Strength,FIPS, andHardware.
- In theCryptographic Parametersbox, view the cipher suites that the BIG-IP system will use to construct the final cipher string, based on the selections you made in the previous steps.
- ClickFinished.
After you complete this task, the BIG-IP system has a custom cipher group that the
BIG-IP system will use to build the final cipher string.
What is a cipher rule?
A
cipher rule
is an object that contains
a list of cipher suites. After you create a cipher rule, you specify
it within a cipher group. A
cipher
group
is the object that builds the actual cipher string that the system will use during
SSL negotiation.You can use pre-defined cipher rules that the BIG-IP system provides, or you
can create your own.
An example of a cipher rule might be one that specifies only cipher suites
that use a particular bulk encryption algorithm and key exchange method.
DH Groups and Signature Algorithms allow modification of TLS
1.2 and 1.3 key agreements and signature algorithms respectively.
To create a custom SM2 cipher rule to use when creating a custom client SSL profile that
supports SM2, see the
Create a custom Client SSL profile that supports SM2
section for task details. About pre-built cipher rules
Pre-built cipher rules
The BIG-IP system offers a set of pre-built cipher rules, with names containing the
prefix
f5-
. This table lists these cipher rules and the cipher
strings they represent.Cipher rule name | Associated cipher string |
---|---|
f5-aes | AES |
f5-default | DEFAULT |
f5-ecc | ECDHE:ECDHE_ECDSA |
f5-hw_keys | ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-CBC-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH |
f5-secure | ECDHE:RSA:!SSLV3:!RC4:!EXP:!DES |
About custom cipher rules
You can use the following cryptographic parameters to create custom cipher rules:
- Cipher suites
- These represent the bulk encryption and hash algorithms used to negotiate SSL/TLS connections. An example of a cipher suite isECDHE-RSA-AES128-CBC-SHA.
- DH groups
- In TLS 1.2 and 1.3, these are the Elliptic Curve Diffie Hellman (ECDH) key agreement algorithms used to negotiate SSL/TLS connections. The availablekey agreement curvesare:P256,P384, andX25519.
- Signature algorithms
- In TLS 1.2 and 1.3, these are the digital signature algorithms for authentication. Examples of signature algorithms arersa_pkcs1_sha256andecdsa_secp256r1_sha256.
Create a custom cipher rule
When you create your own cipher rules for inclusion in a custom cipher group, the BIG-IP system builds a cipher string that includes or excludes the cipher suites and algorithms needed for negotiating SSL connections.
To create a custom SM2 cipher rule to use when creating a custom client SSL
profile that supports SM2, see the
Create a custom Client SSL profile that
supports SM2
section for task details.- On the Main tab, click.The screen displays a list of pre-built cipher rules.
- ClickCreate.
- In theNamefield, type a name for the cipher rule.Never include the prefixf5-in a cipher rule name. This prefix is reserved for pre-built cipher rules only.For example:
- In theCipher Suitesfield, type one or more cipher suites.For example:
- In theDH Groupsfield, type one or more Elliptic Curve Diffie-Hellman key exchange algorithms, separated by commas (:).The available named groups (formerly known ascurves) are:secp256r1,secp384r1, andX25519. You can also type a special keyword,DEFAULT, which represents the recommended set of named groups.For example, you can specifysecp256r1:X25519.
- In theSignature Algorithmsfield, type one or more signature algorithms, separated by commas (:), that you want to include in the cipher rule. You can also type a special keyword,DEFAULT, which represents the recommended set of signature algorithms.The available signature algorithms are:DSA-SHA1,DSA-SHA256,DSA-SHA384,DSA-SHA512,ECDSA-SHA1,ECDSA-SHA256,ECDSA-SHA384,ECDSA-SHA512,RSA-PKCS1-SHA1,RSA-PKCS1-SHA256,RSA-PKCS1-SHA384,RCS-PKCS1-SHA512,RSA-PSS-SHA256,RSA-PSS-SHA384, andRSA-PSS-SHA512.For example, you can specifyRSA_PKCS1_SHA256:ECDSA_P256_SHA256.
- ClickFinished.
The cipher rule now appears within any custom cipher group, in the list of available cipher rules.
About the DEFAULT and NATIVE cipher strings
The
DEFAULT
cipher string appears as the default value in the Ciphers
setting of the Client SSL and Server SSL profiles and represents a subset of the cipher suites found in the NATIVE
cipher suite.The
NATIVE
cipher string represents the full set of BIG-IP supported cipher suites.Both the
DEFAULT
and NATIVE
cipher strings represent cipher suites that are eligible for hardware acceleration.We strongly recommend that you use the default cipher string and, for added security, append
other cipher suites to it.
Viewing cipher
suites in the DEFAULT and NATIVE cipher strings
Before you use this command, confirm that your BIG-IP user account grants you access to
the advanced shell.
Follow these steps to display the cipher suites associated with
the DEFAULT cipher string. This list of cipher suites is also included in the
pre-built cipher rule
f5-default
.- Using an SSH client application such as PuTTY, access the advanced shell on the BIG-IP system.
- At the system prompt, to view the DEFAULT cipher suites used for client-side negotiation, type the commandtmm --clientciphers DEFAULT.
- At the system prompt, to view the DEFAULT cipher suites used for server-side negotiation, type the commandtmm --serverciphers DEFAULT.
Best practices for BIG-IP cipher
strings
For security and performance reasons, consider the following recommendations:
- When modifying cipher suites, F5 strongly recommends that you append cipher suite modifications to theDEFAULTcipher string.
- Include a cipher string that specifies the ECC key type. Due to their smaller size, ECC keys reduce computing costs while maintaining a similar level of security.
- Disable ADH ciphers but also include the keywordHIGH. To do this, just include both!ADHand:HIGHin your cipher string.
- For AES, DES, and RC4 encryption types, make sure you specify the DHE key exchange method. DHE usesperfect forward secracy, which creates an ephemeral private key for each new secure connection. This ensures the same private key is never used twice.
- When you use DHE, make sure that the SSL private key isn't being shared with a monitoring system or a security device like an intrusion detection or prevention system. And by the way, diagnostic tools likessldumpwon't work when you're using Forward Secrecy.
About Diffie-Hellman
Ephemeral key exchange
The BIG-IP system supports the
Diffie-Hellman Ephemeral key exchange method, as well as other Diffie-Hellman variations. A
Diffie–Hellman key exchange method
is an alternative to RSA key
exchange and allows the client and the BIG-IP system to establish a shared secret session key to
use for communication.About DHE key
exchange
Because Diffie-Hellman key exchange methods do not include
authentication, use of Diffie-Hellman Ephemeral (DHE) requires that it be paired with an
authentication mechanism. The DHE key exchange/authentication pairs that the BIG-IP system
supports are:
- DHE-RSA-* (Diffie-Hellman Ephemeral-RSA)
- DHE-DSS-* (Diffie-Hellman Ephemeral-DSS)
- ECDHE-RSA-* (Elliptic Curve Diffie-Hellman Ephemeral-RSA)
- ECDHE-ECDSA-* (Elliptic Curve Diffie-Hellman Ephemeral-DSA)
DHE key
exchange methods, when paired with RSA and DSS authentication, are not included in the
cipher rule
f5-default
nor in the
cipher keyword DEFAULT
.About Perfect-Forward-Privacy
The Diffie-Hellman Ephemeral (DHE) key exchange method provides Perfect Forward Privacy (PFP).
With standard Diffie-Hellman, multiple key exchanges all use the same session key, which can
compromise security. By contrast, DHE uses
PFP
, which generates a disposable key per
session and thereby ensures that the same session key is never used twice. No key remains to be
disclosed, and if the private key of the server is discovered, past communication remains
secure.Supported Diffie-Hellman variations
The BIG-IP system supports all three Diffie-Hellman key exchange methods. They are:
- Diffie-Hellman Ephemeral (DHE)
- Diffie-Hellman Ephemeral uses temporary public keys. The authenticity of a temporary key can be verified by checking the digital signature included in the key exchange messages. The key exchange messages are signed using either the RSA or DSA algorithms, depending on the cipher being used. For example, DHE-RSA uses RSA to sign the key exchange messages. DHE includes Perfect Forward Secrecy (PFS), which means that a compromise of the system's long-term signing key does not affect the privacy of past sessions. Like FIPS, DHE prevents private key disclosure.
- Diffie-Hellman (DH)
- Diffie-Hellman embeds the system's public parameter in the certificate, and the CA then signs the certificate. That is, the certificate contains the Diffie-Hellman public-key parameters, and those parameters never change.
- Anonymous Diffie-Hellman (ADH)
- Anonymous Diffie-Hellman uses DH, but without authentication. The keys used in the exchange are not authenticated, resulting in keys being susceptible to security attacks.
Viewing a list of supported DHE ciphers
Before using this command, confirm that your user account grants you access to the advanced shell.
You perform this task when you want to display a specific set of ciphers that the BIG-IP system supports.
- Access the advanced shell on the BIG-IP system.
- At the system prompt, type the commandtmm --clientciphers.ciphersFor example, to see a list of DHE+DES ciphers, typetmm --clientciphers DHE:DHE_DSS. To see a list of ECDHE ciphers, typetmm --clientciphers ECDHE:ECDHE_ECDSA.
Specifying a Diffie-Hellman key exchange method
Use this task to modify an existing Client SSL profile to enable support for
Diffie-Hellman key exchange.
- On the Main tab, clickor .The Client SSL or Server SSL profile list screen opens.
- In the Name column, click the name of the profile you want to modify.
- Select theCustomcheck box.The settings become available for change.
- To specify DHE ciphers:
- From theConfigurationlist, selectAdvanced.
- For theCipherssetting, clickCipher Stringand typeDHE:DHE_DSS.
- ClickUpdate.
After you perform this task and assign the profile to a virtual server, the BIG-IP uses the DHE key exchange method to establish secure communication with the relevant client or server.
Viewing DHE key exchange statistics
You can use the Traffic Management Shell (tmsh) to view statistics about the use of Diffie-Hellman ciphers in SSL negotiation.
- Access the system prompt on the BIG-IP system.
- From the BIG-IP system prompt, typetmsh show ltm profile client-ssl.profile_nameAn example of a name for a profile that specifies DHE ciphers ismy_dhe_profile.
After you type this command, the BIG-IP system displays output such as the following. In this example, the profile statistics show that Diffie-Hellman Ephemeral (DHE) with RSA certificates has been used once:
About Elliptic Curve
encryption
The BIG-IP system supports Elliptic Curve Cryptography (ECC). Because
Elliptic Curve key sizes are significantly smaller than those of other key types, ECC is ideally
suited for smaller, mobile devices for which key storage is an issue. On the BIG-IP system, ECC
works with the SSL offload feature.
About Elliptic Curve
cipher support
The BIG-IP system supports multiple ciphers that use Elliptic Curve
Cryptography (ECC) encryption with Diffie-Hellman key exchange. On the BIG-IP system, EC is used
with DHE to establish the shared secret; however, the subsequent bulk encryption of data cannot
be done with any ECC-based algorithm and must be done using conventional crypto algorithms such
as AES and 3DES. For example, a typical Elliptic Curve cipher is: ECDHE-RSA-AES128-CBC-SHA.
The specific ECC ciphers that the BIG-IP system supports are:
- ECDHE-RSA-*
- ECDHE-ECDSA-*
- ECDH-ECDSA-*
Because ECC with Diffie-Hellman does not include a mechanism for digitally
signing handshake messages, the RSA or DSA algorithms are used to digitally sign the handshake
messages to thwart Man-in-the-Middle attacks. For example, an ECDHE-ECDSA-* cipher suite uses the
ECC DSA certificate specified in the Client SSL profile to digitally sign the handshake
messages.
Elliptic
Curve ciphers with DSA are not included in the
DEFAULT
cipher suite.Viewing ECDH key exchange statistics
You can use the Traffic Management Shell (tmsh) to view statistics about the use of Elliptic Curve Diffie-Hellman ciphers in SSL negotiation.
- Access the system prompt on the BIG-IP system.
- From the BIG-IP system prompt, typetmsh show ltm profile client-ssl| grep ECDH.profile_nameAn example of a name for a profile that specifies DHE ciphers ismy_ecdh_profile.
After you type this command, the BIG-IP system displays output such as the following. In this example, the profile statistics show that ECDH with RSA certificates has been used six times:
Specifying an Elliptic Curve Diffie-Hellman key exchange method
Use this task to modify an existing Client SSL profile to enable support for Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange.
- On the Main tab, clickor .The Client SSL or Server SSL profile list screen opens.
- In the Name column, click the name of the profile you want to modify.
- Select theCustomcheck box.The settings become available for change.
- For theCipherssetting, clickCipher Stringand typeDEFAULT:ECDHE.
- ClickUpdate.
After you perform this task and assign the profile to a virtual server, the BIG-IP system uses the ECDHE key exchange method to establish secure communication with the relevant client or server.
Unsupported cipher suites on the BIG-IP system
For security reasons, these cipher suites are unavailable in the BIG-IP system:
- EXP-EDH-RSA-DES-CBC-SHA
- EXP-ADH-DES-CBC-SHA
- EXP-RC2-CBC-MD5
- EXP-ADH-RC4-MD5
About cipher keywords on the BIG-IP system
There are a few things you should know when specifying keywords to create a BIG-IP cipher string. These things apply whether or not you are creating a cipher string using cipher rules and groups or typing a raw cipher string into an SSL profile.
About the COMPAT cipher string
In previous BIG-IP releases, cipher support included the
COMPAT
cipher string, allowing the use of OpenSSL cipher suites not natively
supported by the BIG-IP. In this release, the COMPAT
cipher string has been removed.If your configuration includes the
COMPAT
cipher string, it will be replaced with NONE
and secure connections relying on these cipher suites will fail. This change:
- Optimizes the security of your cipher configuration by preventing any OpenSSL cipher suite vulnerabilities from being introduced into the BIG-IP system.
- Changes the meaning of theNATIVEkeyword; this keyword now equivalent to the keywordALL.
Invalid keywords for BIG-IP cipher strings
When you manually configure a cipher string on the BIG-IP system (as
opposed to using a cipher group), these keywords are invalid:
- COMPAT
- SSLV2(a subset ofCOMPAT)
- RC2(a subset ofCOMPAT)
- Any other subsets ofCOMPATorSSLv2
If you attempt to specify these keywords within a cipher string,
the system displays an error message and prevents you from creating the relevant SSL
profile.
If you have an SSL profile in a previous BIG-IP version and
then upgrade to version 14.0 or higher, the system automatically resolves the issue
for you.
Changes to BIG-IP cipher keywords during a system upgrade
During a BIG-IP software upgrade to version 14.0 or higher, the
system takes these actions:
- If the system detects the keywordsCOMPAT,SSLv2,RC2, or any subset of these in an existing cipher string, the system logs a message in the file/var/log/ltmand changes any of these keywords toNone.
- The system treats the keywordNATIVEas being equivalent to keywordALL.
- If a cipher string evaluates to an empty set, the system remaps the string to the default cipher string, represented by the keywordDEFAULT. The default cipher string contains a subset of the cipher suites that are suitable for most SSL connections.